There seems to be some confusion of screenshots vs webcam hacking
Screenshot = Snapshot of what's open on your desktop
Screenshot = Snapshot of what's open on your desktop
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
macOS Big Sur 11.4 Addresses Vulnerability That Could Let Attackers Take Secret Screenshots
- Thread starter MacRumors
- Start date
- Sort by reaction score
If they tell everyone 'there is an exploit'... then the bad people will know there is an exploit and go looking for it. Better they keep it quiet until its been fixed like they did here.
I could feel my mac mini becoming ever so slightly less snappier with each iterations of these small 4GB incremental updates.
Yesterday I downgraded after much debate. Now that I'm in 11.2.1 from 11.3.1, I can definitely say that the snappiness thing wasn't just in my imagination. I would have gone further into the past versions such as 11.1 or 11.0 if not for the bluetooth issues.
It's good they found and fixed some security bug in 11.4. But I can bet my bottom dollar that in the next version of macOS they are going to fix even more bug that exists and are being exploited now, that we don't know of.
Yesterday I downgraded after much debate. Now that I'm in 11.2.1 from 11.3.1, I can definitely say that the snappiness thing wasn't just in my imagination. I would have gone further into the past versions such as 11.1 or 11.0 if not for the bluetooth issues.
It's good they found and fixed some security bug in 11.4. But I can bet my bottom dollar that in the next version of macOS they are going to fix even more bug that exists and are being exploited now, that we don't know of.
I'm a bit surprised that you can (or previously could)
- place another binary inside an app bundle (this, so far, is fairly common)
- have that binary either be not signed at all, or signed with a different certificate (now things get hairy)
- still have that binary inherit TCC settings! (uhh)
What Apple writes about this:
That's kinda vague. Are there other loopholes of the same kind, or does Apple now validate that TCC settings only get inherited if the code signing certificate matches?
Yup.
This is standard practice. You give vendors a window of, say, 90 days to fix the issue so that disclosing it doesn't lead to a mayhem of exploits.
I would hope Mark knows that taping his webcam doesn't prevent screenshots.
They did fix a different issue in TCC on Catalina, so I'm guessing Catalina isn't affected by this particular bug.
The updates don't really add much heft. They're that large because they replace some huge binary blobs each time (which I think is a problematic technical decision) — but the net usage of your disk should be virtually the same.
Well I guess it makes sense since they are adding more and more new features to an OS which will only eventually make the old hardware slower. But I can figure out the difference in response time of apps between various updates (in fresh installs).
Though TBH Apple don't really help that. How often do you get a pop up saying "Random process" wants "random permission" with no explanation of what the permission or process is, no way to verify checksums of the binary etc. After a bit of Googling you find the process is a part of OSX and lots of people have had the pop up.
It shouldn't be this way. If the thing is part of OSX you should be asked at install time, or at some time of your choosing, rather than having a dialog pop up over whatever work you were doing and constantly reappearing if you don't say yes.
Apps should be forced to give some explanation of why they want permissions. Especially why, if its part of OSX, it doesn't just comepwith permission.
Apple should have a detailed description of what each permission is about and it should be linked from the dialog.
There should be some simple means to veriy the thing that caused the pop up to appear is a signed binary and which one.
Hmm, I don't think that popup can appear at all without a code signature, so verifying the checksum isn't a concern. You can opt out of Gatekeeper's code signature check manually (using the contextual menu, etc.), but I believe if you do, TCC flat-out refuses to do grant anything.
But yes, communicating to the user what this process is and how to know whether to trust it is a huge concern.
For many types of permissions, they do. But yes, this should be unified. It's also grating that, if they need multiple permissions, they need to show multiple dialogs.
You can check the list of binaries in Security.
I am glad that this was reported and solved! Just a thought tho: will antivirus apps detect the malware that attacks this vulnerability?
And you expect users to read that? A lot of them click on "OK" or "Accept" before the pop-up animation finished.
Taking screen shots and using the camera are two different things, you know?
Also, there is the green light next to the camera that tells you when it's on.
Incremental update does not mean that all of those 4GB are in addition to what you already have. There is a lot of stuff being replaced by the update. In this case most likely a good deal of the kernel and system library files.
No metadata, alas. Could be OmniGraffle, Visio, or virtually anything.
Reading comprehension is key. If the zero-day vulnerability is piggybacking off of permissions without requiring the user’s explicit consent from apps such as Zoom which does screen sharing and webcam video conferencing so it's not just screen sharing that is vulnerable.
This is my question. I cannot have all systems running on BigSur. It is such a BIG flaw that it should be.
Thank you for pointing this out.
Not entirely clear to me why it only affects macOS 11, though.
Are they saying macOS 11 introduces an ad-hoc signing mechanism? If so, sounds like we could be in for a ride of all kinds of holes…
